Showing posts with label security. Show all posts
Showing posts with label security. Show all posts

Friday, February 3, 2012

Role based Security in AX

There is a new pattern introduced in the new version of Dynamics AX (AX6.0/2012), for the security of the forms/tables etc. which is called RBS.

In Microsoft Dynamics AX, role-based security is aligned with the structure of the business. Users are assigned to security roles based on their responsibilities in the organization and their participation in business processes. The administrator grants access to the duties that users in a role perform, not to the program elements that users must use.

                    


Let’s take a looks at the data models of the Security framework


Table
Description
Mapping
SecurityRole 
Contains list of roles
(AOTàSecurityàRoles)
SecurityUserRole 
Contains the user to role mappings 
(System Administration à Users à User)
SecurityTask 
Contains the list of duties and privileges
(AOTàSecurityàPrivileges/Duties)
SecuritySubTask 
Contains the duty to privilege mappings
(AOTàSecurityà Dutiesà Privileges)
SecurityRoleTaskGrant 
contains the list of role to duty mappings
(AOTàSecurityà RolesàDuties)


Some Examples

///////////////// Code in X++ /////////////////////////////

SecurityRole            securityRole;
SecurityUserRole        securityUserRole;
SecurityTask            securityTask;
SecuritySubTask         securitySubTask;
SecurityRoleTaskGrant   securityRoleTaskGrant;
   
#define.SecurityRole(‘BudgetBudgetManager’)
#define.SecurityTask(BudgetManagerRoleCenterView)
   
// 1. How to the find record ID of the privilege
select firstOnly RecId from securityTask
    where securityTask.AotName  == #SecurityTask
        && securityTask.Type    == SecurityTaskType::Privilege;
   
// 2. How to find the record ID of the security role of the currently logged-in user aving the specified security role
select firstonly RecId from securityRole
    exists join securityUserRole
    where securityRole.RecId     == securityUserRole.SecurityRole
        && securityRole.AotName  == #SecurityRole
        && securityUserRole.User == curUserId();

// 3. How to the find all the duties containing the specified privilege (security Duty)?
select SecurityTask from securitySubTask
    where securitySubTask.SecuritySubTask == securityTask.RecId;

// 4. How to check whether the privilege is directly associated with role
select firstOnly RecId from securityRoleTaskGrant
    where securityRoleTaskGrant.SecurityTask  == securityTask.RecId
        && securityRoleTaskGrant.SecurityRole == securityRole.RecId;
 

// 5. How to check whether the privilege is associated with role through duty
 select RecId from securityRoleTaskGrant
    exists join securitySubTask
    where securityRoleTaskGrant.SecurityTask == securitySubTask.SecurityTask
            && securityRoleTaskGrant.SecurityRole == securityRole.RecId;
   
 ///////////////// Code in X++ /////////////////////////////

Posted by at 9:16 PM 23 comments
Labels: , , ,
Subscribe to: Posts (Atom)